Commit Graph

270 Commits

Author SHA1 Message Date
Sam f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Robin Ward 6b04967e2f FEATURE: Staff members can lock posts
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Régis Hanol 1b4483c942 FEATURE: Added 'select +below' and 'select +all replies' options to selecting posts 2017-12-13 22:12:06 +01:00
Guo Xiang Tan e73fbfe265 FIX: `Topic#featured_link_root_domain` extracts URL before parsing. 2017-12-04 10:00:07 +08:00
Robin Ward 23dce88f5f FIX: Removed a line by accident, broke tests 2017-10-23 14:49:14 -04:00
Robin Ward 89a1b34480 FIX: Show the deleted icon if the quote expands a deleted topic 2017-10-23 13:41:41 -04:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Bianca Nenciu 6bc74ceb50 Split alias levels in mentionable and messageable levels. (#5065)
* Split alias levels in mentionable and messageable levels.

* Fixed some tests.

* Set messageable level to everyone by default.

* By defaults, groups are not mentionable or messageable.

* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Bianca Nenciu bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Mudasir Raza 84c83afd35 Allow optional import_mode param for posts in api (#4952) 2017-08-17 07:53:04 -04:00
Régis Hanol 4f09a5a7a5 Add 'Post.permitted_create_params' to allow plugins to add new params when creating a post 2017-08-12 04:10:45 +02:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward ae7734707e REFACTOR: Merge different templates from rendering user stream items 2017-06-20 15:45:41 -04:00
Guo Xiang Tan 8ab9f30bbd FIX: User can't remove bookmark from a deleted post. 2017-05-19 12:25:12 +08:00
Guo Xiang Tan 304ace926e FIX: Raise right response when post_action does not exist. 2017-04-27 17:29:53 +08:00
Sam Saffron 0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Robin Ward 14410b71fb Convert server side paths to use `/u/` 2017-03-30 10:23:24 -04:00
Sam bc1a6ccb90 Merge pull request #4741 from tgxworld/allow_bookmark_removal
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Régis Hanol 00380d84c5 UX: display text & html parts alongside raw email in incoming email modal 2017-03-08 23:15:42 +01:00
Guo Xiang Tan 689dd16be0 FIX: Allow user to remove bookmark from posts as long as bookmark is present.
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Guo Xiang Tan 781d83a46f FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
Guo Xiang Tan 0a25df67bc Revert "FIX: Incorrect parameter being passed to component."
This reverts commit d354a6f7a4.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan d354a6f7a4 FIX: Incorrect parameter being passed to component. 2017-01-25 13:09:08 +08:00
Guo Xiang Tan 32846aad2a FIX: Toggling post's wiki status should not create a new version. 2017-01-20 15:42:33 +08:00
Sam 6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Neil Lalonde 29edbafac7 FIX: post short link on subfolder installs 2016-11-01 15:20:04 -04:00
Sam 2b15919aee missing spot where old api was used 2016-08-26 10:58:34 +10:00
Régis Hanol 681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Guo Xiang Tan 36ddb1787e FEATURE: Add toggle topic visibility button in popup menu. 2016-07-28 16:57:04 +08:00
Andre Pereira 8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Steve Kemp 8f8ad3fe4a Allow an (optional) post-creation time to be submitted. (#4205)
* Allow an (optional) post-creation time to be submitted.

This should allow a new post to be created with an initial
date/time specified by the caller, which will be useful for
people writing importers..

* Only allow `created_at` to be submitted via the API.

This addresses the previous concern.
2016-05-22 10:54:03 +02:00
Robin Ward 5518141ad5
Option for verbose logging when API calls to create posts fail 2016-04-12 12:10:48 -04:00
Arpit Jalan 13fa0f8cf8 FIX: only show regular posts in RSS feed 2016-03-31 21:34:53 +05:30
Arpit Jalan 41208b99a1 FEATURE: RSS feed for user posts and topics 2016-03-31 20:24:05 +05:30
Arpit Jalan c54dc4a8d9 FIX: update RSS description for public/private posts 2016-03-21 18:45:16 +05:30
Arpit Jalan 34469e725b FEATURE: separate API endpoints for public and private posts 2016-03-21 18:21:15 +05:30
Arpit Jalan 89248580dc FEATURE: revert post to a specific revision 2016-03-11 02:46:55 +05:30
Régis Hanol cf4c256b17 FEATURE: new 'raw email' modal when listing rejected emails 2016-02-01 21:41:49 +01:00
Neil Lalonde 685ba1eb7f FEATURE: blocked users can send and reply to private messages from staff 2016-01-22 12:54:24 -05:00
Arpit Jalan 06bac23e5f FEATURE: allow users to wikify their own posts based on trust level 2016-01-12 08:44:25 +05:30
Sam 9899e8d4a5 FEATURE: First class messages to groups, you can select a group as a target of a message 2015-12-02 15:49:43 +11:00
Robin Ward 3939331dec FIX: Staff was getting 500 when editing post in deleted topic 2015-11-13 11:35:23 -05:00
Arpit Jalan 49edffd3c3 FEATURE: support linking to a specific revision of a topic/post 2015-10-19 14:31:29 +05:30
Régis Hanol 06b799bfbf Merge pull request #3857 from gdpelican/fix-for-untopiced-posts
Don't error on posts#latest if a post does not have a topic
2015-10-16 14:59:36 +02:00
James Kiesel 695b366a03 Don't error on posts#latest if a post does not have a topic 2015-10-16 14:44:48 +03:00
Sam 2422289c8b FIX: whispers should not be revealed in reply to, or reply expansion
FEATURE: mark whisper as experimental
FIX: badges should never apply to whispers
2015-09-25 10:16:19 +10:00
Robin Ward 91f3e8e724 For now, restrict whispering to staff only. 2015-09-15 12:29:32 -04:00
Robin Ward 5af0f5f80e FEATURE: Whisper posts 2015-09-11 14:05:21 -04:00
Kane York 27ee8bea95 FIX: Remove N+1 queries in posts.json 2015-09-04 13:36:47 -07:00
Kane York 32e5016dbb FEATURE: Include topic title, category in posts.json 2015-09-01 17:46:06 -07:00
Kane York 94439ebddd FIX: Tighter rate-limit for post self-deletions 2015-08-18 12:50:45 -07:00
Régis Hanol 23a5c6444a FIX: move topic links and quoted posts extraction to the PostRevisor 2015-08-14 19:33:32 +02:00
Sam bafdf9290d FIX: don't let blocked users reach post creator or new post queue
correct broken spec
2015-08-06 10:32:53 +10:00
Sam 01ad88f1ed FEATURE: min_first_post_typing_time
If a user spends less than 3 seconds typing
first post they will automatically enter the approval queue
2015-08-04 10:57:34 +10:00
Sam 7b8b96446e FEATURE: track statistics around post creation
- how long were people typing?
- how long was composer open?
- how many drafts were created?
- correct, draft saved to go away after you continue typing

store in Post.find(xyz).post_stat
2015-08-03 14:29:15 +10:00
Robin Ward 5f45e5361f FIX: Moderation actions can have their messages removed 2015-07-28 16:58:56 -04:00
Arpit Jalan 71ee84f848 FEATURE: latest posts RSS feed 2015-06-09 21:45:06 +05:30
Sam e5888cf090 PERF: avoid preloading json in cases where it is not needed
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Régis Hanol a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Tan Le 9fbc763902 Replace Hash#keys.each with Hash#each_key for some perf boost 2015-04-18 21:53:53 +10:00
Robin Ward 22ffcba8e6 Convert `Discourse.Post` to ES6 and use Store model
- Includes acceptance tests for composer (post, edit)
- Supports acceptance testing of bootbox
2015-04-15 14:54:36 -04:00
Robin Ward 19a9a8b408 `NewPostManager` determines whether to queue a post or not 2015-04-15 14:54:36 -04:00
Robin Ward db4c04d606 FIX: Moderators shouldn't be able to see secure deleted posts 2015-04-13 11:48:31 -04:00
Régis Hanol 6cd4330335 FIX: show all deleted posts 2015-03-11 18:07:47 +01:00
Sam 59a28bf5c1 regression: bookmarked may be missing, do not fail 2015-02-19 11:42:01 +11:00
Sam b041b3f67f FIX: bookmark topic was not working intuitively
- explicitly call out "clear bookmarks"
- correct keyboard shortcuts
- properly remove bookmarks when toggeling
2015-02-19 10:58:57 +11:00
riking 4c8850108a SECURITY: Don't leak topic title in the redirect 2015-02-04 11:55:39 -08:00
Sam a6ce188f35 Merge pull request #3126 from riking/latest-posts
Latest posts endpoint at /posts.json
2015-01-30 08:55:45 +11:00
Robin Ward f028b51620 Add post parameters so plugins like akismet can use it for spam
prevention.
2015-01-29 13:09:35 -05:00
Robin Ward 1f40807001 Add extensibility point for whenever a post is created 2015-01-29 12:46:29 -05:00
Robin Ward 8fc477ab07 More refactoring to support extensibility of history 2015-01-28 13:37:06 -05:00
Robin Ward d43944b3ed Extensibility for tracking changes to a topic 2015-01-28 13:37:06 -05:00
riking 9e9119d1c1 FEATURE: Enable pagination of /posts.json 2015-01-23 21:22:19 -08:00
riking 1d24d8471e FEATURE: Latest posts endpoint at /posts.json 2015-01-23 21:16:03 -08:00
Régis Hanol c681b353f2 FEATURE: bookmark topic button 2015-01-12 12:10:15 +01:00
Robin Ward 0bc0bd7a21 Pass the `current_user` to the topic saved event 2015-01-08 17:29:11 -05:00
Robin Ward 704ac91a22 FIX: Broken spec 2015-01-06 17:06:24 -05:00
Robin Ward 5667478b4d A common, extensible interface for sending topic columns across the wire
This allows plugins to specify topic columns to serialize and save in
the database via the composer when creating topics and editing their
first posts.
2015-01-06 14:53:12 -05:00
Régis Hanol a036ac7bdc FIX: users can see the raw email source of their own posts 2014-11-12 14:49:42 +01:00
Régis Hanol e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam 1cc37e32b9 FEATURE: add max_reply_history to limit number of replies
that can be expanded, when clicking "in-reply-to"
2014-10-27 09:44:42 +11:00
Arpit Jalan 72873b8368 further optimize raw email feature 2014-10-18 00:50:02 +05:30
David McClure 19d5362c6b FEATURE: ability to hide or show specific post revisions 2014-10-14 07:19:45 -07:00
Régis Hanol 5754e8dd0f FEATURE: auto-close topics based on last post 2014-10-10 18:21:44 +02:00
Régis Hanol 7e8c4b63f4 FIX: only show agreed abd deferred flags on user's profile 2014-10-09 16:10:16 +02:00
Régis Hanol 98b6b9821a FEATURE: log topic/post deletions from staff members 2014-10-01 17:40:13 +02:00
Régis Hanol 0b13f6572f FEATURE: staff option to unhide a post 2014-09-22 18:55:13 +02:00
Régis Hanol e56fcf0c43 FEATURE: add 'rebake post' in post wrench menu 2014-09-11 16:04:40 +02:00
riking b62699707d FIX: Unknown /posts/id.json should 404 2014-09-10 18:10:27 -07:00
Régis Hanol 18f8038015 FEATURE: add new 'convert to staff message' in post wrench menu 2014-09-10 23:08:33 +02:00
Robin Ward 334e21a03a Revert "Revert "FEATURE: Can create warnings for users via PM""
This reverts commit 1c7559380c.
2014-09-08 11:11:56 -04:00
Robin Ward 1c7559380c Revert "FEATURE: Can create warnings for users via PM"
This reverts commit b0bfc1f93f.
2014-09-08 10:38:59 -04:00
Robin Ward b0bfc1f93f FEATURE: Can create warnings for users via PM 2014-09-08 10:27:06 -04:00
Robin Ward b04a52676e FIX: Don't show wrong flag choices after undo 2014-09-02 17:37:54 -04:00
Sam 7d5c0ae28e FIX: broken and uneeded code 2014-08-08 09:07:51 +10:00
Sam 03c8f09be8 PERF: finalize porting to new incoming links structure 2014-08-04 16:43:57 +10:00
Robin Ward fb8dda7f42 FIX: We should use `category_id` instead of `category_name` to perform
operations, now that the subcategory names are not unique.
2014-07-16 15:40:35 -04:00
Régis Hanol 7dcf2a2c4f FEATURE: show the user's flagged/deleted posts 2014-07-16 21:04:55 +02:00
Sam 2d0def9940 FIX: First Quote badge bust
Feature: track quoted posts
2014-07-15 17:47:24 +10:00
Sam 6618358586 FIX: dupe protection is API only now
make optional later on (was introduced for wordpress plugin)
2014-07-14 15:59:58 +10:00
riking 783454ebe1 Fix /p/post/user route not saving referrals
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
Robin Ward 8a4e96645c FEATURE: Can click to expand hidden posts to see the good stuff! 2014-06-20 17:07:12 -04:00
Régis Hanol 0df666277d BUGFIXES: properly deal with bookmarks and deleted posts
BUGFIX: removing a bookmark from the activity feed was busted for deleted posts
BUGFIX: delete associated user actions when deleting a post
2014-06-04 17:41:11 +02:00
riking 41332ab7ad Allow anonymous to see raw posts 2014-05-19 23:33:27 -07:00
Wojciech Zawistowski 960d64930c Wiki Post 2014-05-13 08:53:11 -04:00
Régis Hanol fca6738212 BUGFIX: could not see the revisions of a post in a deleted topic 2014-05-12 16:30:10 +02:00
Régis Hanol bc3de84ebf FEATURE: remove bookmark button in activity feed 2014-05-12 09:33:26 +02:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam 05efc8df16 BUGFIX: likes would cause whole post to re-render 2014-04-24 12:42:04 +10:00
Robin Ward dbab628e16 Support for creating embedded topics via API 2014-04-03 14:42:44 -04:00
Robin Ward 10d0320532 FIX: Allow expanding posts when anonymous, add specs 2014-04-03 11:30:43 -04:00
Robin Ward d1e7fa1c47 Minor tweaks to importing first posts 2014-04-02 15:54:21 -04:00
Robin Ward 558a06a117 Adds better reusable error message support. Added to fetching remote
posts. /cc @riking
2014-04-02 13:22:10 -04:00
Robin Ward b250aa36a0 Remote fetching of blog contents 2014-04-02 10:26:46 -04:00
Robin Ward 50fb048b99 Interface for expanding OP contents 2014-04-02 10:26:46 -04:00
Sam 1cd32ced33 FEATURE: update likes and flags live. 2014-03-24 13:22:03 +11:00
Neil Lalonde 283dc7dd2d Trust level 4: add ability to edit any post and see edit history 2014-03-13 10:47:49 -04:00
Wojciech Zawistowski 227c0af20b Removes unnecessary instance vars. 2014-02-24 18:03:29 +01:00
Wojciech Zawistowski ed311eb65a PostsController refactoring. 2014-02-21 17:12:43 +01:00
Wojciech Zawistowski cfbeba84d2 Adds tests for PostsController#replies. 2014-02-20 17:38:13 +01:00
Wojciech Zawistowski 5e8db5ce14 Adds specs for PostsController#by_number. 2014-02-19 17:41:17 +01:00
Wojciech Zawistowski 5b9a4d3581 Refactors PostsController and adds unit tests. 2014-02-18 17:19:38 +01:00
Régis Hanol 4fb274fb9d BUGFIX: history link doesn't work on deleted posts 2014-02-04 20:05:50 +01:00
Neil Lalonde 259295d865 Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year. 2014-01-09 11:55:04 -05:00
Sam eeb83adf71 BUGFIX: staff can now edit delted posts
fixes #1343

This was way easier than mucking with the UI
2014-01-06 18:12:51 +11:00
Régis Hanol 06dd7ffe3c better revision history 2013-12-12 03:41:34 +01:00
Neil Lalonde a9ab98ef9e Auto-close time can be entered in 3 ways, so a topic can close at any time 2013-11-27 09:52:35 -05:00
Sam 3fa48f8d76 Style fix: https://twitter.com/andrzejkrzywda/status/404943844896423937 2013-11-26 10:21:41 +11:00
Régis Hanol 482b752046 add edit reason when editing a post 2013-11-15 23:28:49 +01:00
Régis Hanol af96ef2994 FIX: deleting a flagged post issue
cf. http://meta.discourse.org/t/deleting-a-flagged-post-issue/10061

The bug was only happening when you were about the delete the first post, which means deleting the entire topic.
2013-10-02 16:59:57 +02:00
Régis Hanol cd4cda5b4c allow users to specify thumbnail size 2013-09-27 10:57:31 +02:00
Robin Ward 7d9a84b496 New User Education goes through a server side ComposerMessages check. Composer message for users
who don't have avatars.
2013-09-13 12:23:53 -04:00
Robin Ward 71c1b8b9b9 When deleting a post as staff, ask if you want to delete direct replies too 2013-09-05 11:03:34 -04:00
Robin Ward f157ec1f91 Select +Replies for bulk operations 2013-09-05 11:03:29 -04:00
Robin Ward 1c3804934e Show the entire history of replies above a post when you expend "in reply to" 2013-08-06 17:43:10 -04:00
Sam 4a20d09523 distributed memoizer added to ensure absolute duplicate posts don't get through
in case of an absolute dupe just return the memoized post

This works around issues with wordpress being crazy
2013-07-29 12:25:19 +10:00
Sam 1f3c5cb656 allow end user to recover a post they delete
automatically delete stubs after 1 day
2013-07-22 17:48:47 +10:00
Sam 0ec1438b9a correct auto track param parsing for WordPress 2013-07-22 15:07:20 +10:00
Sam acba0ea41e add auto track to permitted params 2013-07-22 15:07:20 +10:00
Robin Ward 5eaae063f0 Discourse Macro Helpers + Minor Fix to Admin User View 2013-07-11 19:35:52 -04:00
Robin Ward d98f288aa4 FIX: Recovering a deleted post was not updating a topic's statistics 2013-07-09 12:15:55 -04:00
Sam f6b850e7a4 allow skipping the validations on creation if its an api call AND skip_validations is specified
this allows wordpress plugin to post very very short titles or titles that would otherwise be disallowed
2013-07-02 12:23:19 +10:00
Neil Lalonde e263bb3c0a Anons should be able to see post history 2013-06-19 16:43:16 -04:00
Ian Christian Myers b61e10f9ad All parameters for #create in PostsController pass through strong_parameters.
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam 870e59883b secure the links on the topic pages, eliminated deleted topics as well. 2013-06-05 16:10:26 +10:00
Robin Ward d554a59102 Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link
to the same host enough tiles, they will not be able to post the same link again.

Additionally, the site will flag all their previous posts with links as spam and they will
be instantly hidden via the auto hide workflow.
2013-05-16 12:19:50 -04:00
Neil Lalonde 9828c87525 Topic Auto-Close: admins and mods can set a topic to automatically close after a number of days 2013-05-13 12:53:52 -04:00
Sam 942f168ab6 UI still a tad rough, but we have a first pass of secure categories 2013-05-10 16:47:47 +10:00